Merge pull request #847 from anarcat/no-backports-key
authorlionce <42546087+lionce@users.noreply.github.com>
Fri, 19 Apr 2019 14:15:47 +0000 (17:15 +0300)
committerGitHub <noreply@github.com>
Fri, 19 Apr 2019 14:15:47 +0000 (17:15 +0300)
don't hardcode an old key from official mirrors for Debian backports

.gitignore
.pdkignore
.puppet-lint.rc
.travis.yml
lib/puppet/provider/apt_key/apt_key.rb
lib/puppet/type/apt_key.rb
manifests/key.pp
metadata.json
spec/acceptance/apt_key_provider_spec.rb
spec/unit/puppet/provider/apt_key_spec.rb
spec/unit/puppet/type/apt_key_spec.rb

index 88cf7a6c6ef4373af088169cdf6082e7b9855fb3..3f4e2e84942fa912f14261ac2fcb152f1f1c130a 100644 (file)
@@ -22,5 +22,5 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
-.vscode/
 .envrc
+/inventory.yaml
index 2ec773abe21f5128134b4ae7b1218e9aeda2b8c8..54d2cda3ab0c538a2ec753012adb017765ced20a 100644 (file)
@@ -22,8 +22,8 @@
 /convert_report.txt
 /update_report.txt
 .DS_Store
-.vscode/
 .envrc
+/inventory.yaml
 /appveyor.yml
 /.fixtures.yml
 /Gemfile
 /.gitlab-ci.yml
 /.pdkignore
 /Rakefile
+/rakelib/
 /.rspec
 /.rubocop.yml
 /.travis.yml
 /.yardopts
 /spec/
+/.vscode/
index 8b137891791fe96927ad78e64b0aad7bded08bdc..cc96ece0513d69709b87af611173e2a6e4532f62 100644 (file)
@@ -1 +1 @@
-
+--relative
index 88c55fd2241ec17692ed6d47b1cbd2659be95b96..d04fe6181ed8aa8b509aa8754e74af9a87b9f024 100644 (file)
@@ -1,5 +1,4 @@
 ---
-dist: trusty
 language: ruby
 cache: bundler
 before_install:
@@ -12,10 +11,14 @@ script:
   - 'bundle exec rake $CHECK'
 bundler_args: --without system_tests
 rvm:
-  - 2.5.1
-env:
-  global:
-    - BEAKER_PUPPET_COLLECTION=puppet6 PUPPET_GEM_VERSION="~> 6.0"
+  - 2.5.3
+stages:
+  - static
+  - spec
+  - acceptance
+  -
+    if: tag =~ ^v\d
+    name: deploy
 matrix:
   fast_finish: true
   include:
@@ -23,25 +26,34 @@ matrix:
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/debian-8 BEAKER_TESTMODE=apply
-      rvm: 2.5.1
+      rvm: 2.5.3
       script: bundle exec rake beaker
       services: docker
+      stage: acceptance
       sudo: required
     -
       bundler_args: 
       dist: trusty
       env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=docker/ubuntu-14.04 BEAKER_TESTMODE=apply
-      rvm: 2.5.1
+      rvm: 2.5.3
       script: bundle exec rake beaker
       services: docker
+      stage: acceptance
       sudo: required
     -
-      env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop"
-    -
-      env: CHECK=parallel_spec
+      env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint"
+      stage: static
     -
       env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
-      rvm: 2.4.4
+      rvm: 2.4.5
+      stage: spec
+    -
+      env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
+      rvm: 2.5.3
+      stage: spec
+    -
+      env: DEPLOY_TO_FORGE=yes
+      stage: deploy
 branches:
   only:
     - master
index 494dd12d1e822de61e7053a90c6f7aa61f29d4df..9f70cc65a2058c06d8671b22a7f1c86dfa3f40bf 100644 (file)
@@ -126,7 +126,11 @@ Puppet::Type.type(:apt_key).provide(:apt_key) do
         # Only send basic auth if URL contains userinfo
         # Some webservers (e.g. Amazon S3) return code 400 if empty basic auth is sent
         if parsed_value.userinfo.nil?
-          key = parsed_value.read
+          key = if parsed_value.scheme == 'https' && resource[:weak_ssl] == true
+                  open(parsed_value, ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE).read
+                else
+                  parsed_value.read
+                end
         else
           user_pass = parsed_value.userinfo.split(':')
           parsed_value.userinfo = ''
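Review bot: The new `weak_ssl` branch after the `userinfo.nil?` check turns off certificate verification without leaving any trace in the agent log, although what is being fetched is an apt signing key, i.e. the trust root for everything later installed from that repository; a line such as `Puppet.warning("apt_key: fetching #{parsed_value} with SSL verification disabled (weak_ssl => true)")` before the `open` call would keep the downgrade visible in runs and reports. The call also goes through `Kernel#open` with a URI object, while the else branch uses open-uri's `parsed_value.read`; open-uri's `read` accepts the same options, so `parsed_value.read(ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE)` keeps both branches on one code path and avoids `Kernel#open`. Since `:weak_ssl` is declared in the type as a `Puppet::Parameter::Boolean`, the `== true` comparison can probably be reduced to `resource[:weak_ssl]`, though it is harmless. The enclosing method starts and ends outside the hunk.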
index 467f568af4a74ff475fb2ed77da0e2c31298dc16..8c5c84c886f83c3bc296b0e06e50ff73af3d1391 100644 (file)
@@ -80,6 +80,11 @@ Puppet::Type.newtype(:apt_key) do
     defaultto false
   end
 
+  newparam(:weak_ssl, boolean: true, parent: Puppet::Parameter::Boolean) do
+    desc 'When true and source uses https, accepts download of keys without SSL verfication'
+    defaultto false
+  end
+
   newproperty(:fingerprint) do
     desc <<-MANIFEST
       The 40-digit hexadecimal fingerprint of the specified GPG key.
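Review bot: The `desc` of the new `weak_ssl` parameter contains a typo, `verfication`, and it understates what the option does: with verification off the server is not authenticated, so the key can be served by anyone on the network path. Suggest `desc 'When true and source uses https, downloads the key without verifying the server certificate; the key is then not authenticated in transit.'` If the `fingerprint` property declared just below enforces a match after download, the description could point the user to it as the compensating check — confirm that behaviour before claiming it.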
index 13b477060d679786677697db0fab9a1b60dc61d5..1f9a495f54f4f3f19424fe571842ed04955bd46f 100644 (file)
@@ -29,6 +29,9 @@
 #   Specifies a keyserver to provide the GPG key. Valid options: a string containing a domain name or a full URL (http://, https://,
 #   hkp:// or hkps://). The hkps:// protocol is currently only supported on Ubuntu 18.04.
 #
+# @param weak_ssl
+#    Specifies whether strict SSL verification on a https URL should be disabled. Valid options: true or false.
+#
 # @param options
 #   Passes additional options to `apt-key adv --keyserver-options`.
 #
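Review bot: The new `@param weak_ssl` entry says only that strict SSL verification is disabled; someone choosing the option should be told that the key is then fetched without authenticating the server. Suggest `#   Specifies whether certificate verification for an https source should be disabled. Valid options: true or false. When true, the downloaded key is not authenticated in transit.` The added description line is also indented with four spaces, whereas the neighbouring `@param` descriptions use three.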
@@ -38,6 +41,7 @@ define apt::key (
   Optional[String] $content                                                                          = undef,
   Optional[Pattern[/\Ahttps?:\/\//, /\Aftp:\/\//, /\A\/\w+/]] $source                                = undef,
   Pattern[/\A((hkp|hkps|http|https):\/\/)?([a-z\d])([a-z\d-]{0,61}\.)+[a-z\d]+(:\d{2,5})?$/] $server = $::apt::keyserver,
+  Boolean $weak_ssl                                                                                  = false,
   Optional[String] $options                                                                          = undef,
   ) {
 
@@ -49,13 +53,14 @@ define apt::key (
 
       if !defined(Anchor["apt_key ${id} present"]) {
         apt_key { $title:
-          ensure  => present,
-          refresh => $ensure == 'refreshed',
-          id      => $id,
-          source  => $source,
-          content => $content,
-          server  => $server,
-          options => $options,
+          ensure   => present,
+          refresh  => $ensure == 'refreshed',
+          id       => $id,
+          source   => $source,
+          content  => $content,
+          server   => $server,
+          weak_ssl => $weak_ssl,
+          options  => $options,
         } -> anchor { "apt_key ${id} present": }
 
         case $facts['os']['name'] {
@@ -83,12 +88,13 @@ define apt::key (
 
       if !defined(Anchor["apt_key ${id} absent"]){
         apt_key { $title:
-          ensure  => $ensure,
-          id      => $id,
-          source  => $source,
-          content => $content,
-          server  => $server,
-          options => $options,
+          ensure   => $ensure,
+          id       => $id,
+          source   => $source,
+          content  => $content,
+          server   => $server,
+          weak_ssl => $weak_ssl,
+          options  => $options,
         } -> anchor { "apt_key ${id} absent": }
       }
     }
index 04066db95b85c9f08867a46e922e94f84fa55720..53c8f7bc72f07accb165da10d5f95c22d5aaecc8 100644 (file)
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 4.8.0 < 7.0.0"
+      "version_requirement": ">= 5.5.10 < 7.0.0"
     }
   ],
-  "template-url": "https://github.com/puppetlabs/pdk-templates",
-  "template-ref": "heads/master-0-gfde5699",
-  "pdk-version": "1.8.0"
-}
\ No newline at end of file
+  "template-url": "https://github.com/puppetlabs/pdk-templates#master",
+  "template-ref": "heads/master-0-gf778803",
+  "pdk-version": "1.10.0"
+}
index f3dc4d38889755b99c1eddf0dcdb5c8dbb019872..18c885728ecc1ae28873a65f9a2e8eb5c1936ee4 100644 (file)
@@ -533,6 +533,15 @@ https_works_pp = <<-MANIFEST
         }
   MANIFEST
 
+https_with_weak_ssl_works_pp = <<-MANIFEST
+        apt_key { 'puppetlabs':
+          id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
+          ensure => 'present',
+          source => 'https://#{PUPPETLABS_APT_URL}/#{PUPPETLABS_GPG_KEY_FILE}',
+          weak_ssl => true,
+        }
+  MANIFEST
+
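Review bot: `https_with_weak_ssl_works_pp` downloads from the same `PUPPETLABS_APT_URL` as `https_works_pp`, which presumably presents a valid certificate, so the `it 'works with weak ssl'` example added in the second hunk passes whether or not `weak_ssl` has any effect; it does not distinguish the new code path from the existing one. Exercising the option would need a source whose certificate fails verification (self-signed or wrong hostname) together with an assertion that the same manifest without `weak_ssl => true` fails. The `weak_ssl => true,` line is also not aligned with the other `=>` in the heredoc, unlike the surrounding fixtures.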
 https_userinfo_pp = <<-MANIFEST
         apt_key { 'puppetlabs':
           id     => '#{PUPPETLABS_GPG_KEY_LONG_ID}',
@@ -793,6 +802,11 @@ describe 'apt_key' do
         shell(PUPPETLABS_KEY_CHECK_COMMAND)
       end
 
+      it 'works with weak ssl' do
+        apply_manifest_twice(https_with_weak_ssl_works_pp)
+        shell(PUPPETLABS_KEY_CHECK_COMMAND)
+      end
+
       it 'works with userinfo' do
         apply_manifest_twice(https_userinfo_pp)
         shell(PUPPETLABS_KEY_CHECK_COMMAND)
index a514793bae96a01cf1e2beef0b500f7e7727a926..ca35ff7d6b10986e28329bf70c41293ba5ec6528 100644 (file)
@@ -113,6 +113,21 @@ OUTPUT
       expect(provider).to be_exist
     end
 
+    it 'apt_key with source and weak ssl verify set' do
+      expect(described_class).to receive(:apt_key).with(array_including('add', kind_of(String)))
+      resource = Puppet::Type::Apt_key.new(name: 'gsd',
+                                           id: 'C105B9DE',
+                                           source: 'https://bla/herpderp.gpg',
+                                           ensure: 'present',
+                                           weak_ssl: true)
+
+      provider = described_class.new(resource)
+      expect(provider).not_to be_exist
+      expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo'))
+      provider.create
+      expect(provider).to be_exist
+    end
+
     describe 'different valid id keys' do
       hash_of_keys = {
         '32bit key id' => 'EF8D349F',
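Review bot: The new example stubs `source_to_file` via `expect(provider).to receive(:source_to_file).and_return(Tempfile.new('foo'))`, and that is presumably the method holding the new `weak_ssl` branch, so the example never runs the code it is named after; it only shows that the type accepts `weak_ssl: true` and that `create` still calls `apt_key add`. A unit test for the branch would call `source_to_file` directly and assert that open-uri is invoked with `ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE` when `weak_ssl` is true and without it otherwise. `Tempfile.new('foo')` is never closed or unlinked, so each run leaves a temp file behind.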
index 5b205e9924b3d749944b973a8c91cdd31a8d901e..253b6448747f8c4d7dacde60edc2aa82eb84ab76 100644 (file)
@@ -32,6 +32,10 @@ describe Puppet::Type.type(:apt_key) do
     it 'refresh is not set' do
       expect(resource[:refresh]).to eq nil
     end
+
+    it 'weak_ssl is not set' do
+      expect(resource[:weak_ssl]).to eq nil
+    end
   end
 
   context 'with a lowercase 32bit key id' do
@@ -107,6 +111,20 @@ describe Puppet::Type.type(:apt_key) do
     end
   end
 
+  context 'with source and weak_ssl' do
+    let(:resource) do
+      Puppet::Type.type(:apt_key).new(
+        id: 'EF8D349F',
+        source: 'https://apt.puppetlabs.com/pubkey.gpg',
+        weak_ssl: true,
+      )
+    end
+
+    it 'source is set to the URL' do
+      expect(resource[:source]).to eq 'https://apt.puppetlabs.com/pubkey.gpg'
+    end
+  end
+
   context 'with content' do
     let(:resource) do
       Puppet::Type.type(:apt_key).new(
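Review bot: The new `with source and weak_ssl` context constructs the resource with `weak_ssl: true` but only asserts `resource[:source]`; nothing checks that the parameter itself was accepted and munged. Add `it 'weak_ssl is set' do expect(resource[:weak_ssl]).to eq true end` next to the existing example, and consider a sibling example that a non-boolean value such as `'yes'` raises `Puppet::Error` (or is munged, whichever the Boolean parameter does — confirm).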